0

I'm learning reverse engineering. I trying to compile code to assembler view for better understanding. How I can disable any additional (redundancy) info in the assembler code? I want to only leave the pure assembler code

current command (windows) gcc -S .\test.c -masm=intel -O0

output:

    .file   "test.c"
    .intel_syntax noprefix
    .text
    .def    __main; .scl    2;  .type   32; .endef
    .globl  main
    .def    main;   .scl    2;  .type   32; .endef
    .seh_proc   main
main:
    push    rbp
    .seh_pushreg    rbp
    mov rbp, rsp
    .seh_setframe   rbp, 0
    sub rsp, 32
    .seh_stackalloc 32
    .seh_endprologue
    call    __main
    nop
    add rsp, 32
    pop rbp
    ret
    .seh_endproc
    .ident  "GCC: (x86_64-posix-seh-rev0, Built by MinGW-W64 project) 8.1.0"

This output produces redundancy info. For example, I can remove .file "test.c" it does not affect anything.

Source:

void main() {
    }
Давид Шико
  • 362
  • 1
  • 4
  • 13
  • If you need just the assembly, what's the difference with what any *disassembler* gives you? Especially, if you compile with debug symbols. All those redundant info are the high-level details you lose when compiling, if you make GCC generate an assembly file to ease your reverse engineering, why do you want to remove them? – Margaret Bloom Feb 17 '20 at 17:15
  • currently, I asked just about compiling, no disassembling – Давид Шико Feb 17 '20 at 17:27
  • I don't get it, but you can get a long way by simply discarding lines that start with a dot. – Margaret Bloom Feb 17 '20 at 18:06

1 Answers1

1

gcc -s is the option to strip symbols. However, you can run strip afterwards to remove extra data which still might be included.

What is the difference between "gcc -s" and a "strip" command?

However, this primarily affects the final binary and not necessarily the source code which you get with -S.

If you want to understand the code better, I would recommend to compile it to a binary and load it into a debugger for inspection, keeping the generated asm source as a reference.

Devolus
  • 21,661
  • 13
  • 66
  • 113
  • I'm doing so, but currently, I'm no so good understanding the source asm :) – Давид Шико Feb 17 '20 at 17:22
  • But that's part of the learning. And I would start with a rather minmal example. For example add a few numbers and print them. Then you have to isolate the print part, and you can see rather good what the rest of your program was compiled into. Obviously you wouldn't start with a complex program, so it's under your control how much you can digest. You should compile in debug mode thouhg, or at least without any optimizations and debugging off. Unless you know how to defeat the optimizer because it can interfere with what you want to see. – Devolus Feb 29 '20 at 14:36